curl-library
Re: How to set service name for SPNEGO?
Date: Thu, 19 Feb 2015 00:25:57 -0800
Steve, many thanks! Your thinking makes total sense to me after looking at
the code. Socks5/proxy are indeed separate. I just checked our legal
counsel. Unfortunately our policy does not allow me to contribute code into
libcurl. I am sorry about that. It would be great if someone else can help
to make this change. -Wenlong
On Wed, Feb 18, 2015 at 3:11 PM, Steve Holme <steve_holme_at_hotmail.com>
wrote:
> On Tue, 17 Feb 2015, Wenlong Dong wrote:
>
> > > * I'd rather support this across all of our mechanisms that use
> > > a SPN (such as Socks 5, SPNEGO, Kerberos, Digest) in each of
> > > the GSS-API, SSPI and Native implementations
> > >
> > > * Possibly deprecate CURLOPT_SOCKS5_GSSAPI_SERVICE (I
> > > would suggest a new CURLOPT_SERVICE_NAME or
> > > CURLOPT_SPN, etc... option with the same value for API
> > > compatibility)
> > >
> > > * The code has also changed quite a bit since v7.36 (The next
> > > release will be 7.41)
> >
> > Steve, thanks a lot for the quick response! Those are great comments.
>
> No problem.
>
> > Let me try to put together a change with what you mentioned.
>
> Sound good - I look forward to seeing your proposed changes.
>
> > In that case CURLOPT_SERVICE_NAME makes more sense. For
> > negotiate/Kerberos, we let the libcurl to append the host name
> > to generate the SPN as <servicename>/<host>.
>
> Ah - right. Yes - I see your point.
>
> Some more random thoughts from me this evening...
>
> I wouldn't recommend replacing CURLOPT_SOCKS5_GSSAPI_SERVICE with
> CURLOPT_SERVICE_NAME as Socks 5 is used as a proxy and a curl user /
> libcurl programmer might want to set both the proxy and the protocol
> service name. As such I would recommend something like:
>
> * libcurl - replace CURLOPT_SOCKS5_GSSAPI_SERVICE with
> CURLOPT_PROXY_SERVICE_NAME as it can then be used for HTTP proxy with
> Kerberos/SPNEGO/Digest and keep CURLOPT_SOCKS5_GSSAPI_SERVICE for backwards
> API compatibility
> * libcurl - add CURLOPT_SERVICE_NAME as new value
> * curl - replace --socks5-gssapi-service with --proxy-service-name and add
> --socks5-gssapi-service as an alias
> * curl - add support for --service-name as a new argument
>
> Kind Regards
>
> Steve
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-02-19